web/forgejo
9
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-06-22 00:08:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Use CryptoRandomBytes instead of CryptoRandomString (#18439)

Browse source 
- Switch to use `CryptoRandomBytes` instead of `CryptoRandomString`, OAuth's secrets are copied pasted and don't need to avoid dubious characters etc.
- `CryptoRandomBytes` gives ![2^256 = 1.15 * 10^77](https://render.githubusercontent.com/render/math?math=2^256%20=%201.15%20\cdot%2010^77) `CryptoRandomString` gives ![62^44 = 7.33 * 10^78](https://render.githubusercontent.com/render/math?math=62^44%20=%207.33%20\cdot%2010^78) possible states.
- Add a prefix, such that code scanners can easily grep these in source code.
- 32 Bytes + prefix
This commit is contained in:
Gusted 2022-02-04 18:03:15 +01:00 committed by GitHub
parent 88939a5663
commit aa23f477b7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 19 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

12
modules/secret/secret.go
View file

@ -13,20 +13,8 @@ import (
"encoding/hex"
"errors"
"io"
"code.gitea.io/gitea/modules/util"
)
// New creates a new secret
func New() (string, error) {
return NewWithLength(44)
}
// NewWithLength creates a new secret for a given length
func NewWithLength(length int64) (string, error) {
return util.CryptoRandomString(length)
}
// AesEncrypt encrypts text and given key with AES.
func AesEncrypt(key, text []byte) ([]byte, error) {
block, err := aes.NewCipher(key)